httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From r..@locus.apache.org
Subject cvs commit: httpd-2.0/support suexec.c suexec.h
Date Sat, 23 Dec 2000 03:15:17 GMT
rbb         00/12/22 19:15:16

  Modified:    .        CHANGES configure.in
               support  suexec.c suexec.h
  Log:
  Allow SuExec to be configured from the ./configure command line
  
  Revision  Changes    Path
  1.23      +3 -0      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.22
  retrieving revision 1.23
  diff -u -r1.22 -r1.23
  --- CHANGES	2000/12/23 01:46:41	1.22
  +++ CHANGES	2000/12/23 03:15:15	1.23
  @@ -1,5 +1,8 @@
   Changes with Apache 2.0b1
   
  +  *) Allow SuExec to be configured from the ./configure command line.
  +     [Ryan Bloom]
  +
     *) Update some of the docs in README and INSTALL to reflect some of
        the changes in Apache 2.0 [Cliff Woolley <cliffwoolley@yahoo.com>]
   
  
  
  
  1.108     +29 -0     httpd-2.0/configure.in
  
  Index: configure.in
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/configure.in,v
  retrieving revision 1.107
  retrieving revision 1.108
  diff -u -r1.107 -r1.108
  --- configure.in	2000/12/22 22:44:45	1.107
  +++ configure.in	2000/12/23 03:15:15	1.108
  @@ -169,6 +169,35 @@
     progname="$withval" ], [
     progname="httpd"] )
   
  +# SuExec parameters
  +AC_ARG_WITH(suexec-caller,
  +[  --with-suexec-caller=User allowed to call SuExec],[
  +  AC_DEFINE_UNQUOTED(AP_HTTPD_USER, $withval, [User allowed to call SuExec] ) ] )
  +
  +AC_ARG_WITH(suexec-userdir,
  +[  --with-suexec-userdir=User subdirectory],[
  +  AC_DEFINE_UNQUOTED(AP_USERDIR_SUFFIX, $withval, [User subdirectory] ) ] )
  +
  +AC_ARG_WITH(suexec-docroot,
  +[  --with-suexec-docroot=SuExec root directory],[
  +  AC_DEFINE_UNQUOTED(AP_DOC_ROOT, $withval, [SuExec root directory] ) ] )
  +
  +AC_ARG_WITH(suexec-uidmin,
  +[  --with-suexec-uidmin=Minimal allowed UID],[
  +  AC_DEFINE_UNQUOTED(AP_UID_MIN, $withval, [Minimal allowed UID] ) ] )
  +
  +AC_ARG_WITH(suexec-gidmin,
  +[  --with-suexec-gidmin=Minimal allowed GID],[
  +  AC_DEFINE_UNQUOTED(AP_GID_MIN, $withval, [Minimal allowed GID] ) ] )
  +
  +AC_ARG_WITH(suexec-logfile,
  +[  --with-suexec-logfile=Set the logfile],[
  +  AC_DEFINE_UNQUOTED(AP_LOG_EXEC, $withval, [SuExec log file] ) ] )
  +
  +AC_ARG_WITH(suexec-safepath,
  +[  --with-suexec-safepath=Set the safepath],[
  +  AC_DEFINE_UNQUOTED(AP_SAFE_PATH, $withval, [safe shell path for SuExec] ) ] )
  +
   dnl ### util_xml is always included, so we always need Expat (for now)
   apache_need_expat=yes
   
  
  
  
  1.7       +20 -19    httpd-2.0/support/suexec.c
  
  Index: suexec.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/support/suexec.c,v
  retrieving revision 1.6
  retrieving revision 1.7
  diff -u -r1.6 -r1.7
  --- suexec.c	2000/10/23 15:30:55	1.6
  +++ suexec.c	2000/12/23 03:15:16	1.7
  @@ -68,6 +68,7 @@
    *
    */
   
  +#include "ap_config_auto.h"
   #include "ap_config.h"
   #include <sys/param.h>
   #include <sys/stat.h>
  @@ -163,12 +164,12 @@
   
   static void err_output(const char *fmt, va_list ap)
   {
  -#ifdef LOG_EXEC
  +#ifdef AP_LOG_EXEC
       time_t timevar;
       struct tm *lt;
   
       if (!log) {
  -	if ((log = fopen(LOG_EXEC, "a")) == NULL) {
  +	if ((log = fopen(AP_LOG_EXEC, "a")) == NULL) {
   	    fprintf(stderr, "failed to open log file\n");
   	    perror("fopen");
   	    exit(1);
  @@ -185,19 +186,19 @@
       vfprintf(log, fmt, ap);
   
       fflush(log);
  -#endif /* LOG_EXEC */
  +#endif /* AP_LOG_EXEC */
       return;
   }
   
   static void log_err(const char *fmt,...)
   {
  -#ifdef LOG_EXEC
  +#ifdef AP_LOG_EXEC
       va_list ap;
   
       va_start(ap, fmt);
       err_output(fmt, ap);
       va_end(ap);
  -#endif /* LOG_EXEC */
  +#endif /* AP_LOG_EXEC */
       return;
   }
   
  @@ -215,7 +216,7 @@
   	exit(120);
       }
   
  -    sprintf(pathbuf, "PATH=%s", SAFE_PATH);
  +    sprintf(pathbuf, "PATH=%s", AP_SAFE_PATH);
       cleanenv[cidx] = strdup(pathbuf);
       cidx++;
   
  @@ -291,13 +292,13 @@
        */
   #ifdef _OSD_POSIX
       /* User name comparisons are case insensitive on BS2000/OSD */
  -    if (strcasecmp(HTTPD_USER, pw->pw_name)) {
  -        log_err("user mismatch (%s instead of %s)\n", pw->pw_name, HTTPD_USER);
  +    if (strcasecmp(AP_HTTPD_USER, pw->pw_name)) {
  +        log_err("user mismatch (%s instead of %s)\n", pw->pw_name, AP_HTTPD_USER);
   	exit(103);
       }
   #else  /*_OSD_POSIX*/
  -    if (strcmp(HTTPD_USER, pw->pw_name)) {
  -        log_err("user mismatch (%s instead of %s)\n", pw->pw_name, HTTPD_USER);
  +    if (strcmp(AP_HTTPD_USER, pw->pw_name)) {
  +        log_err("user mismatch (%s instead of %s)\n", pw->pw_name, AP_HTTPD_USER);
   	exit(103);
       }
   #endif /*_OSD_POSIX*/
  @@ -401,18 +402,18 @@
   
       /*
        * Error out if attempt is made to execute as root or as
  -     * a UID less than UID_MIN.  Tsk tsk.
  +     * a UID less than AP_UID_MIN.  Tsk tsk.
        */
  -    if ((uid == 0) || (uid < UID_MIN)) {
  +    if ((uid == 0) || (uid < AP_UID_MIN)) {
   	log_err("cannot run as forbidden uid (%d/%s)\n", uid, cmd);
   	exit(107);
       }
   
       /*
        * Error out if attempt is made to execute as root group
  -     * or as a GID less than GID_MIN.  Tsk tsk.
  +     * or as a GID less than AP_GID_MIN.  Tsk tsk.
        */
  -    if ((gid == 0) || (gid < GID_MIN)) {
  +    if ((gid == 0) || (gid < AP_GID_MIN)) {
   	log_err("cannot run as forbidden gid (%d/%s)\n", gid, cmd);
   	exit(108);
       }
  @@ -451,7 +452,7 @@
   
       if (userdir) {
   	if (((chdir(target_homedir)) != 0) ||
  -	    ((chdir(USERDIR_SUFFIX)) != 0) ||
  +	    ((chdir(AP_USERDIR_SUFFIX)) != 0) ||
   	    ((getcwd(dwd, AP_MAXPATH)) == NULL) ||
   	    ((chdir(cwd)) != 0)) {
   	    log_err("cannot get docroot information (%s)\n", target_homedir);
  @@ -459,10 +460,10 @@
   	}
       }
       else {
  -	if (((chdir(DOC_ROOT)) != 0) ||
  +	if (((chdir(AP_DOC_ROOT)) != 0) ||
   	    ((getcwd(dwd, AP_MAXPATH)) == NULL) ||
   	    ((chdir(cwd)) != 0)) {
  -	    log_err("cannot get docroot information (%s)\n", DOC_ROOT);
  +	    log_err("cannot get docroot information (%s)\n", AP_DOC_ROOT);
   	    exit(113);
   	}
       }
  @@ -543,10 +544,10 @@
        * Be sure to close the log file so the CGI can't
        * mess with it.  If the exec fails, it will be reopened 
        * automatically when log_err is called.  Note that the log
  -     * might not actually be open if LOG_EXEC isn't defined.
  +     * might not actually be open if AP_LOG_EXEC isn't defined.
        * However, the "log" cell isn't ifdef'd so let's be defensive
        * and assume someone might have done something with it
  -     * outside an ifdef'd LOG_EXEC block.
  +     * outside an ifdef'd AP_LOG_EXEC block.
        */
       if (log != NULL) {
   	fclose(log);
  
  
  
  1.4       +14 -14    httpd-2.0/support/suexec.h
  
  Index: suexec.h
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/support/suexec.h,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- suexec.h	2000/03/31 09:42:55	1.3
  +++ suexec.h	2000/12/23 03:15:16	1.4
  @@ -66,24 +66,24 @@
    *               runs.  This is the only user allowed to execute
    *               this program.
    */
  -#ifndef HTTPD_USER
  -#define HTTPD_USER "www"
  +#ifndef AP_HTTPD_USER
  +#define AP_HTTPD_USER "www"
   #endif
   
   /*
    * UID_MIN -- Define this as the lowest UID allowed to be a target user
    *            for suEXEC.  For most systems, 500 or 100 is common.
    */
  -#ifndef UID_MIN
  -#define UID_MIN 100
  +#ifndef AP_UID_MIN
  +#define AP_UID_MIN 100
   #endif
   
   /*
    * GID_MIN -- Define this as the lowest GID allowed to be a target group
    *            for suEXEC.  For most systems, 100 is common.
    */
  -#ifndef GID_MIN
  -#define GID_MIN 100
  +#ifndef AP_GID_MIN
  +#define AP_GID_MIN 100
   #endif
   
   /*
  @@ -107,8 +107,8 @@
    *                   See the suEXEC documentation for more detailed
    *                   information.
    */
  -#ifndef USERDIR_SUFFIX
  -#define USERDIR_SUFFIX "public_html"
  +#ifndef AP_USERDIR_SUFFIX
  +#define AP_USERDIR_SUFFIX "public_html"
   #endif
   
   /*
  @@ -116,8 +116,8 @@
    *             transactions and errors logged for auditing and
    *             debugging purposes.
    */
  -#ifndef LOG_EXEC
  -#define LOG_EXEC "/usr/local/apache/logs/cgi.log"	/* Need me? */
  +#ifndef AP_LOG_EXEC
  +#define AP_LOG_EXEC "/usr/local/apache/logs/cgi.log"	/* Need me? */
   #endif
   
   /*
  @@ -125,16 +125,16 @@
    *             will be the only hierarchy (aside from UserDirs)
    *             that can be used for suEXEC behavior.
    */
  -#ifndef DOC_ROOT
  -#define DOC_ROOT "/usr/local/apache/htdocs"
  +#ifndef AP_DOC_ROOT
  +#define AP_DOC_ROOT "/usr/local/apache/htdocs"
   #endif
   
   /*
    * SAFE_PATH -- Define a safe PATH environment to pass to CGI executables.
    *
    */
  -#ifndef SAFE_PATH
  -#define SAFE_PATH "/usr/local/bin:/usr/bin:/bin"
  +#ifndef AP_SAFE_PATH
  +#define AP_SAFE_PATH "/usr/local/bin:/usr/bin:/bin"
   #endif
   
   #endif /* _SUEXEC_H */
  
  
  

Mime
View raw message